Google subpoenaed by FBI to access a pimp’s pattern-locked Samsung smartphone

pimp by Carole

pimp drawn by CaroleYou can just imagine the type of person who might belong to a gang called – wait for it – Pimpin Hoes Daily.

Classy, in that gold-tooth sporting, magenta-or-lime-double-breasted-Italian-suit wearing, and toe-squeezing-winklepinker-loving way.

Gang-founder Dante Dears (his name is as priceless as the acronym for his gang) has recently found himself a touch more free press than he perhaps bargained for.

According to El Reg, Dears was jailed twice between 2005-2011 for almost six years on charges including kidnapping and pimping prostitutes, some of whom were underage.

Conditions of his parole release included search of his home. The Feds were tipped off to Dears getting up to his old ways again, so they decided to raid his home where the San Diego FBI located his smartphone, according to several media reports.

Samsung SGH-T679Thing is, the FBI couldn’t access the contents on the pattern-locked phone, so they issued Google with a subpoenae. In order to unlock the phone, the authorities require Dears’ Google account username and password, which unsurprisingly, the Pimpin Hoes Daily founder has refused to hand over.

The warrant request includes providing the FBI with the phone’s GPS data, contacts, text messages, search terms, webpage history. Normally, we would be none the wiser to such a request for information, but researcher Christopher Soghoian “stumbled” across it, and blogged it.

Now, a company such as Google is likely to receive countless demands for information, and I am sure they don’t hand over information willy nilly. In fact, Google provided Ars Technica with the following statement:

Like all law-abiding companies, we comply with valid legal process. Whenever we receive a request we make sure it meets both the letter and spirit of the law before complying. If we believe a request is overly broad, we will seek to narrow it.

Reading this story, I just cannot believe that the Feds wouldn’t be able to get into that phone. So I asked our resident Sophos’s Android security expert, Vanja Svajcer, for his opinion.

Vanja said that although it is technically possible to break the pattern lock combination using brute force technique (there are allegedly only 895824 combinations), it requires potentially unlawful access to the phone.

To start guessing at the combination, a file needs to be retrieved from the device. Jail-breaking tools, which grant access to the device using the root credentials, may be used to get the the required file.
Check out this Forensics Focus article for more information.

Effectively, this means there is a catch-22: to get the evidence, you need the data on the phone. To get the data on the phone, you need to jailbreak it. Jailbreaking it invalidates the data. Hence, the need for the warrant.

Ah, now it all makes sense.